Azure AD SAML AuthHub Migration - Please enter an identifier which is unique within your organization.



Article ID: 378585


Updated On:

Products

CloudHealth

Issue/Introduction

Step 2 of the documentation linked below calls for updating the existing Audience URI in your SAML app for Tanzu CloudHealth to https://access.broadcom.com/default:

https://docs.vmware.com/en/VMware-Tanzu-CloudHealth/SaaS/using-and-managing-vmware-tanzu-cloudhealth/GUID-migrating-to-authhub-authentication.html#how-to-migrate-to-authhub-saml-2  

Note: The Audience URI is called the Identifier (Entity ID) in Azure AD SAML.

You may encounter the error "Please enter an identifier which is unique within your organization" when entering the Audience URI https://access.broadcom.com/default in Azure AD SAML. This happens when another application in the customer's tenant, typically VMware Cloud Services, already uses this Audience URI; Azure AD requires the Identifier to be unique.

Resolution

The solution is to append #some-unique-string to the Audience URI (example: https://access.broadcom.com/default#1234), then finish the remaining steps in the documentation: https://docs.vmware.com/en/VMware-Tanzu-CloudHealth/SaaS/using-and-managing-vmware-tanzu-cloudhealth/GUID-migrating-to-authhub-authentication.html#how-to-migrate-to-authhub-saml-2

Note that this workaround works for IdP-initiated flows only; SP-initiated login does not work with it.

Note: In an IdP-initiated flow the user logs in via the identity provider, which here is Azure AD SAML. In an SP-initiated flow the user logs in directly at the service provider, which is the CloudHealth website: https://apps.cloudhealthtech.com/
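As an added example (not part of this KB article), a small Python checker that parses a SAML Response, pulls out the Audience values and reports whether they match the Audience URI the service provider expects exactly, or only once the "#..." suffix is stripped; this is useful when troubleshooting a failed login after applying the workaround above. The sample response and the tenant ID in it are constructed placeholders, and how AuthHub itself compares audiences is not stated in this article.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urldefrag

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed, unsigned sample of the relevant part of an Azure AD SAML Response.
# The tenant ID in the Issuer is an all-zero placeholder, not a real tenant.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://access.broadcom.com/default#1234</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def extract_audiences(response_xml: str) -> list[str]:
    """Return every Audience value carried in the response's assertions."""
    root = ET.fromstring(response_xml)
    nodes = root.findall(".//saml:AudienceRestriction/saml:Audience", NS)
    return [n.text.strip() for n in nodes if n.text]


def check_audience(response_xml: str, expected: str) -> str:
    """Classify how the assertion's Audience relates to the SP's expected Audience URI.

    'exact'         - an Audience equals the expected value character for character
    'fragment-only' - it matches only after the '#...' suffix is stripped from both sides,
                      i.e. the assertion carries the workaround identifier but the SP
                      expects the plain URI (or vice versa)
    'mismatch'      - no Audience matches at all
    """
    audiences = extract_audiences(response_xml)
    if expected in audiences:
        return "exact"
    base_expected = urldefrag(expected).url
    if any(urldefrag(a).url == base_expected for a in audiences):
        return "fragment-only"
    return "mismatch"


if __name__ == "__main__":
    print(check_audience(SAMPLE_RESPONSE, "https://access.broadcom.com/default"))
```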